• src/smblib/smblib.c

    From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Sat Jul 4 18:24:37 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/7b48c6a6bb234217b80c2695
    Modified Files:
    src/smblib/smblib.c
    Log Message:
    Prevent votes/polls from corrupting hyper-allocated message bases

    smb_addmsg() has always forced hyper-allocated storage when the base's status.attr has SMB_HYPERALLOC set, but smb_addvote(), smb_addpoll() and smb_addpollclosure() passed the caller's storage mode (typically derived
    from the sub's configured storage setting via smb_storage_mode()) straight through to smb_addmsghdr(). On a message base whose header file carries
    the SMB_HYPERALLOC attribute while the sub is configured for fast or
    self-pack allocation, a vote/poll header was then allocated via
    smb_fallochdr() or smb_allochdr() against allocation files that hyper-allocation deliberately does not maintain, yielding an offset inside existing headers: the new header overwrote a live message header and
    (spanning two blocks) overran the following one, destroying two messages
    per vote and leaving the base unreadable (smb_getmsghdr "corrupt message
    header ID" errors; chksmb "Duplicate Index Offsets" and "Overlapping
    Headers").

    Guard the header-storage branch in smb_new_msghdr() instead: if the base's persisted attr says hyper-allocated, force SMB_HYPERALLOC storage no
    matter what the caller passed. This protects every header-adding path, including any direct smb_addmsghdr() caller.

    Observed in the wild on the DEBATE sub of Vertrauen (its msgs.ini config selects fast allocation, but the 26-year-old base file is branded SMB_HYPERALLOC): the first votes cast on it destroyed messages #16-#19.

    Fixes issue #1181

    Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net